22nd January 2010
Carpetsmoker
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243

Quote:
Originally Posted by ai-danno
I only mention this because I think the rest was sane. But for those truly serious threats that are actually looking to infiltrate via some means of surveillance or probing, putting services on non-standard ports does nothing. If you have SSH running on something other than 22... they're going to find it.

I would therefore recommend you leave it on 22.
I fear this depends on your userbase. If you have a large userbase with ssh access and are not enforcing password complexity rules strictly, then running ssh on a different port will greatly decrease the chance of some bot bruteforcing its way in by automated scans ...

I know your reply already: it's not protecting the front door but putting the front door on the side of the house.
Enforcing proper passwords, or better, using RSA keys exclusively, is the real solution. But in the real world things do not always work this way ...
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
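The trade-off discussed in the post above (a moved port versus key-only logins), as an added example that is not part of the original post: a small Python check over `sshd_config` text. The function names and both sample configurations are constructed for illustration; it reads only the global section and assumes OpenSSH's documented defaults for unset options.

```python
import re

# OpenSSH defaults for the options checked here (assumed unchanged at build time).
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Older name for the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Global-section settings; sshd uses the first value it sees for a keyword."""
    seen, ports = {}, []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        key, value = ALIASES.get(parts[0].lower(), parts[0].lower()), parts[1].strip()
        if key == "match":
            break  # conditional Match blocks are not evaluated in this sketch
        if key == "port":
            ports.append(int(value))
        elif key in DEFAULTS:
            seen.setdefault(key, value.lower())
    return {**DEFAULTS, **seen, "ports": ports or [22]}

def audit(config_text):
    """Return findings; an empty list means key-only login is enforced."""
    s = effective_settings(config_text)
    findings = []
    if "yes" in (s["passwordauthentication"], s["kbdinteractiveauthentication"]):
        findings.append("password-based login enabled: weak passwords stay guessable")
        if 22 not in s["ports"]:
            findings.append("moved port reduces bot noise only; passwords still accepted")
    if s["pubkeyauthentication"] != "yes":
        findings.append("public-key authentication is disabled")
    return findings

# Constructed sample configurations (not taken from the thread).
MOVED_PORT = "Port 2222\nPasswordAuthentication yes\n"
KEYS_ONLY = ("Port 22\nPasswordAuthentication no\n"
             "KbdInteractiveAuthentication no\nPubkeyAuthentication yes\n")

if __name__ == "__main__":
    for name, cfg in (("moved port", MOVED_PORT), ("keys only", KEYS_ONLY)):
        print(name, "->", audit(cfg) or "no findings")
```

Keyboard-interactive authentication is checked alongside `PasswordAuthentication` because, with PAM, it can still prompt for a password.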